package cn.cs.mathgo.app.server;

import cn.cs.mathgo.app.server.authentication.MyLogoutHandler;
import cn.cs.mathgo.common.util.MPasswordEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * 资源服务器，和认证服务器在物理上可以在一起也可以分开
 * ClassName: ImoocResourceServerConfig 
 * @Description: TODO
 * @author lihaoyang
 * @date 2018年3月13日
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter{
	private Logger logger = LoggerFactory.getLogger(getClass());
	//自定义的登录成功后的处理器
	@Autowired
	private AuthenticationSuccessHandler authenticationSuccessHandler;

	@Autowired
	private OAuth2WebSecurityExpressionHandler expressionHandler;
	@Autowired
	private MPasswordEncoder mPasswordEncoder;

	//自定义的认证失败后的处理器
	@Autowired
	private AuthenticationFailureHandler authenticationFailureHandler;
	
	@Override
	public void configure(HttpSecurity http) throws Exception {
		//----------表单认证相关配置---------------
		http.formLogin().loginPage("/authentication/require")

				.loginProcessingUrl("/authentication/form")
			.successHandler(authenticationSuccessHandler)//自定义的认证后处理器
			.failureHandler(authenticationFailureHandler) //登录失败后的处理
			.and()
				.logout().logoutUrl("/authentication/logout").addLogoutHandler(new MyLogoutHandler()).and()
		//-----------授权相关的配置 ---------------------
		.authorizeRequests()
			// /authentication/require：处理登录，securityProperties.getBrowser().getLoginPage():用户配置的登录页
			.antMatchers("/authentication/require",
					"/authentication/form",
					"/auth/logout",
					"/logout",
					"/**/*.js",
					"/**/*.css",
					"/**/*.jpg",
					"/**/*.png",
					"/**/*.woff2",
					"/sigma/**",
					"org/user/login").permitAll().and().authorizeRequests().antMatchers(org.springframework.http.HttpMethod.OPTIONS).permitAll() //验证码
			.anyRequest()//任何请求

			//.authenticated()	//都需要身份认证
				//.and()
				.access("@resourceService.hasPermission(request,authentication)")
		       .and()

			.csrf().disable(); //关闭csrf防护

	}
	@Override
	public void configure(ResourceServerSecurityConfigurer resources) {
		resources.expressionHandler(expressionHandler);
	}

	@Bean
	public PasswordEncoder passwordEncoder() {
		  //return new BCryptPasswordEncoder();
		return mPasswordEncoder;
	}
/*	@Bean
	public PasswordEncoder passwordEncoder() {
		return new Md5PasswordEncoder();;
	}*/

	/**
	 * 自定义加密方法
	 */

}
